A network entity can represent a single IP address or multiple IP addresses. The sets of all the source and destination IP addresses in the network entities to which a network rule applies are specified through FPCSelectionIPs objects. The following table lists the network entities that can be referenced in the source and destination FPCSelectionIPs objects of a network rule and the objects that represent a single instance of each network entity.

A routing relationship indicates that traffic allowed by policy rules is routed through the ISA Server computer without any address translation. Routing relationships are bidirectional. If a routing relationship is defined from network A to network B, a routing relationship also exists from network B to network A.

A NAT relationship indicates that IP addresses from the source network are always translated when passing through the ISA Server computer on the way to the destination network. NAT relationships apply in only one direction. If a NAT relationship is defined from source network A to destination network B, the IP addresses of client computers on network A are replaced with an IP address of the network adapter on the ISA Server computer that is connected to network B before requests are passed to a computer on network B. On the other hand, when a packet from the network B is returned to a client computer on network A, the address of the computer on network B is not translated. In other words, clients on network A can see the addresses of computers on network B.

If there is a NAT relationship between source network A and destination network B and a server on network B is published by a server publishing rule, which maps a port number and an IP address (or IP addresses) on the network adapter of the ISA Server computer that listens for requests from clients in network A to a port number and an IP address on the published server, requests that meet all the conditions specified by the server publishing rule are redirected to the IP address of the published server. If there is a routing relationship between these networks, the clients must send requests directly to the IP address of the published server.

When an HTTP or FTP request (or response) is handled by the ISA Server Web proxy, address translation is always performed, and the host receiving the request (or response) sees the packets as having come from the ISA Server computer even if the network rule defines a routing relationship between the source and destination IP addresses.

When there is no network rule defining a network relationship between two IP addresses, ISA Server drops all traffic that is sent from one of these IP addresses to the other and is not handled by the Web proxy.

In ISA Server Enterprise Edition, network rules can also be defined on the enterprise level. If an enterprise-level network rule and an array-level network rule define different relationships between the same pair of IP addresses, the array-level network rule takes precedence.

Inheritance

This object inherits from the FPCPersist object, which contains methods and properties related to the persistent storage of an object's data. They include methods for exporting the object's data to and importing it from an XML document.

Gets a Boolean value that indicates whether the network rule is a preinstalled rule that cannot be deleted and whose position in the list of network rules corresponding to their order of application cannot be changed.